13 May 2016

Petya ransomware is back with a friend named Misha

Petya ransomware became very popular because of its name. However, the code was not effective enough to make money for the malware writers. Petya needed administrative privileges on the system to modify the master boot record. If it could not get administrative privileges, it did nothing to the infected computer.

The ransomware writers had to do something about it, and they did, with a very clever and scary move: they released new malware named Misha. Petya downloads it if Petya's own installation has failed. According to BleepingComputer, Misha does not require administrative privileges.

After installation, Misha ransomware encrypts files with the AES encryption algorithm and demands a ransom of 1.93 bitcoins (approximately $875). Encrypted files are renamed by appending a 4-character extension to the filename; for example, test.jpg is renamed to test.jpg.7GP3.
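The renaming pattern above gives defenders something to look for in a file listing or a stream of file-create events. The following sketch is an added example, not code from the article or from any vendor; it assumes the appended extension is four letters or digits and is shared by all files on one machine (the article shows only the single case `7GP3`), and the function names, extension lists and threshold are hypothetical.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the appended extension is four letters or digits, like "7GP3".
SUFFIX_RE = re.compile(r"^[A-Za-z0-9]{4}$")
# Legitimate four-character extensions that would otherwise match (not exhaustive).
KNOWN_4CHAR = {"html", "json", "docx", "xlsx", "pptx", "jpeg", "tiff", "mpeg"}
# Original extensions of user data worth watching (constructed list).
DATA_EXTS = {"jpg", "png", "doc", "docx", "xls", "xlsx", "pdf", "txt", "zip"}


def appended_suffix(path):
    """Return the 4-char suffix if path looks like <name>.<data ext>.<XXXX>, else None."""
    suffixes = PureWindowsPath(path).suffixes
    if len(suffixes) < 2:
        return None
    inner, outer = suffixes[-2][1:].lower(), suffixes[-1][1:]
    if inner not in DATA_EXTS or not SUFFIX_RE.match(outer):
        return None
    # Skip ordinary double extensions such as export.txt.json.
    return None if outer.lower() in KNOWN_4CHAR else outer


def find_renamed_sets(paths, min_files=3):
    """Group matching files by suffix and keep suffixes seen on at least min_files files."""
    groups = defaultdict(list)
    for path in paths:
        suffix = appended_suffix(path)
        if suffix:
            groups[suffix].append(path)
    # One-off matches (photos.zip.part, old.doc.BAK1) stay below the threshold.
    return {s: sorted(f) for s, f in groups.items() if len(f) >= min_files}


# Constructed sample listing; only the name test.jpg.7GP3 comes from the article.
SAMPLE = [
    r"C:\Users\a\Pictures\test.jpg.7GP3",
    r"C:\Users\a\Documents\budget.xlsx.7GP3",
    r"C:\Users\a\Documents\cv.pdf.7GP3",
    r"C:\Users\a\Documents\notes.txt",
    r"C:\Users\a\Documents\export.txt.json",
    r"C:\Users\a\Downloads\photos.zip.part",
    r"C:\Users\a\Documents\old.doc.BAK1",
]

if __name__ == "__main__":
    for suffix, files in find_renamed_sets(SAMPLE).items():
        print(f"{len(files)} data files share appended extension .{suffix}")
```

The threshold matters more than the pattern: a single file with an odd trailing extension is common, while many user documents acquiring the same one is not.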

The ransomware is distributed via emails containing links to malicious executables disguised as job applications.

Unfortunately, there is no known way to restore encrypted files for free.
